Trojans et forcage de pages web
roquimouss
Messages postés
3
Statut
Membre
-
bernie61 -
bernie61 -
Bonjour a tous,
J'ai besoin d'aide, je plusieurs pb dont je n'arrive pas a me debarrasser :
Les trojans :
Win32:Trojano-564
JS:Istbar
et d'autre part j'ai mon internet explorer qui demarre toujours sur la page nowfind.com
J'ai eu beau fixer tout ce qui contenait le nom nowfind avec hijackthis en mode sans eche mais le pb est revenu
Voici mon log hijackthis, Merci d'avance pour votre aide
Logfile of HijackThis v1.99.1
Scan saved at 20:30:29, on 27/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\crss.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\guillaume\Application Data\dada.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlagon.exe
C:\WINDOWS\System32\winsys.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\g2.exe
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\System32\l1.exe
C:\Documents and Settings\guillaume\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/011/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Registry Server] crss.exe
O4 - HKLM\..\Run: [Windows Compliant] kmonuy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] crss.exe
O4 - HKLM\..\RunServices: [Windows Compliant] kmonuy.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ldjosxcp] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Adro] C:\Documents and Settings\guillaume\Application Data\dada.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio PCTV\ERegister\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O13 - DefaultPrefix: http://nowfind.net/rand/gallery.php?url=
O13 - WWW Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Home Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Mosaic Prefix: http://nowfind.net/rand/gallery.php?url=
O15 - Trusted Zone: *.climaxbucks.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.qck.cc
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.sidefind.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.thawte.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4205
O17 - HKLM\System\CCS\Services\Tcpip\..\{76194FD1-5710-4B1A-BE42-9EED14ABC08A}: NameServer = 212.151.136.242 130.244.127.169
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\Ew5Af.dll
O21 - SSODL: eplrr - {26DDA133-0444-48B8-9B65-539BFBA60E35} - C:\WINDOWS\System32\eplrr3.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
J'ai besoin d'aide, je plusieurs pb dont je n'arrive pas a me debarrasser :
Les trojans :
Win32:Trojano-564
JS:Istbar
et d'autre part j'ai mon internet explorer qui demarre toujours sur la page nowfind.com
J'ai eu beau fixer tout ce qui contenait le nom nowfind avec hijackthis en mode sans eche mais le pb est revenu
Voici mon log hijackthis, Merci d'avance pour votre aide
Logfile of HijackThis v1.99.1
Scan saved at 20:30:29, on 27/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\crss.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\guillaume\Application Data\dada.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlagon.exe
C:\WINDOWS\System32\winsys.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\g2.exe
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\System32\l1.exe
C:\Documents and Settings\guillaume\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/011/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/011/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/011/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Registry Server] crss.exe
O4 - HKLM\..\Run: [Windows Compliant] kmonuy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] crss.exe
O4 - HKLM\..\RunServices: [Windows Compliant] kmonuy.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ldjosxcp] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Adro] C:\Documents and Settings\guillaume\Application Data\dada.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio PCTV\ERegister\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O13 - DefaultPrefix: http://nowfind.net/rand/gallery.php?url=
O13 - WWW Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Home Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Mosaic Prefix: http://nowfind.net/rand/gallery.php?url=
O15 - Trusted Zone: *.climaxbucks.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.qck.cc
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.sidefind.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.thawte.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4205
O17 - HKLM\System\CCS\Services\Tcpip\..\{76194FD1-5710-4B1A-BE42-9EED14ABC08A}: NameServer = 212.151.136.242 130.244.127.169
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\Ew5Af.dll
O21 - SSODL: eplrr - {26DDA133-0444-48B8-9B65-539BFBA60E35} - C:\WINDOWS\System32\eplrr3.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
A voir également:
- Trojans et forcage de pages web
- Web office - Guide
- Creation de site web - Guide
- Comment traduire une page web - Guide
- Impossible de supprimer une page word - Guide
- Capture d'écran de toute une page web - Guide
3 réponses
salut
tu as là une procédure pour nettoyer Istbar
http://www.doxdesk.com/parasite/ISTbar.html
installe un antitrojan pour le reste du ménage
a+
tu as là une procédure pour nettoyer Istbar
http://www.doxdesk.com/parasite/ISTbar.html
installe un antitrojan pour le reste du ménage
a+
Merci pour cette aide je vais tenter de virer en manuel Istbar pourrais tu me dire ce que dois faire d'autre STP.
Ce forum est vraiment excellent et d'une aide precieuse merci d'avance.
Ce forum est vraiment excellent et d'une aide precieuse merci d'avance.
re salut
fais donc le nettoyage avec antitrojan
A effacer en mode sans échec TOUS
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\winlagon.exe
C:\WINDOWS\System32\winsys.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\g2.exe
C:\WINDOWS\System32\crss.exe > 2ème fois
C:\WINDOWS\System32\l1.exe
A rechercher et effacer kmonuy.exe
Relances HijackThis et cocher toutes ces lignes, puis FIX :
O1 - Hosts: auto.search.msn.com 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html >> toutes lignes R1 et RO avec cela
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O13 - DefaultPrefix: http://nowfind.net/rand/gallery.php?url= >> toutes lignes O13 et 015 aussi
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\Ew5Af.dll > trojan
O21 - SSODL: eplrr - {26DDA133-0444-48B8-9B65-539BFBA60E35} - C:\WINDOWS\System32\eplrr3.dll (file missing) aussi un reste de trojan ? http://www.sophos.com/virusinfo/analyses/trojcorpsea.html
Celui ci tu ne connais pas à cocher et rechercher répertoire pour tout effacer
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll > est-ce spyware doctor alors à garder
a+
fais donc le nettoyage avec antitrojan
A effacer en mode sans échec TOUS
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\winlagon.exe
C:\WINDOWS\System32\winsys.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\g2.exe
C:\WINDOWS\System32\crss.exe > 2ème fois
C:\WINDOWS\System32\l1.exe
A rechercher et effacer kmonuy.exe
Relances HijackThis et cocher toutes ces lignes, puis FIX :
O1 - Hosts: auto.search.msn.com 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/011/index.html >> toutes lignes R1 et RO avec cela
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O13 - DefaultPrefix: http://nowfind.net/rand/gallery.php?url= >> toutes lignes O13 et 015 aussi
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\Ew5Af.dll > trojan
O21 - SSODL: eplrr - {26DDA133-0444-48B8-9B65-539BFBA60E35} - C:\WINDOWS\System32\eplrr3.dll (file missing) aussi un reste de trojan ? http://www.sophos.com/virusinfo/analyses/trojcorpsea.html
Celui ci tu ne connais pas à cocher et rechercher répertoire pour tout effacer
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll > est-ce spyware doctor alors à garder
a+
